适用于DNS的iptables规则

UWYAR • 2025年1月1日 17:04:59 • DNS解析

# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Oct 31 15:53:45 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25144:3493694]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -p udp -m udp –sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp –sport 53 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 20000:20500 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Oct 31 15:53:45 2013
# cat /etc/sysconfig/iptables.save
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT – [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 22 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 21 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 80 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 8080 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 20000:20500 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT
#

原创文章，作者：UWYAR，如若转载，请注明出处：http://www.wangzhanshi.com/n/14002.html

适用于DNS的iptables规则

相关推荐

发表回复